White list certain IPs/IP ranges in addition to geo blocking

lotb · April 7, 2021, 11:26am

1. Caddy version (`caddy version`):

2.3.0

2. How I run Caddy:

As a reverse proxy for several services

a. System environment:

Docker on Debian

d. My complete Caddyfile or JSON config:

(GEOFILTER) {
        @geofilter {
                not maxmind_geolocation {
                        db_path "/usr/share/GeoIP/GeoLite2-Country.mmdb"
                        allow_countries FR
                }
        }
        respond @geofilter 403
}

my.domain.com {
        import GEOFILTER
        reverse_proxy local:7625
}

3. The problem I’m having:

I am allowing only IPs from a specific country with GitHub - porech/caddy-maxmind-geolocation: Caddy v2 module to filter requests based on source IP geolocation which works fine. However, using the whitelist approach I’d also like to allow for certain other ip ranges but I am really not sure about the syntax.

4. What I already tried:

My config is based on Method Filtering LAN/WAN Traffic - #8 by Callifo. I’ve tried adding remote ip directives to the above config but it got me nowhere.

Thank you for any help!

francislavoie · April 7, 2021, 1:24pm

Probably something like this

	@geofilter {
		not maxmind_geolocation {
			db_path "/usr/share/GeoIP/GeoLite2-Country.mmdb"
			allow_countries FR
		}
		not remote_ip <whitelist>
	}
	respond @geofilter 403

lotb · April 7, 2021, 2:04pm

Thank you very much, that was much easier than I thought! And apparently I still had not understood the “not” directive properly.

system · May 7, 2021, 11:27am

This topic was automatically closed after 30 days. New replies are no longer allowed.